There’s nothing wrong with saying that you “own” data. Public Knowledge has supported data ownership as a colloquialism that reflects an intuition: Data about us provides information regarding the intimacies of our very identity and existence. Speaking in this way, we should certainly “own” or have control over that data to protect our fundamental right to privacy.
About a week ago, I did my usual check-in with Rick Beato’s channel on YouTube to see what new videos he had in store for me. I’m a former working musician, and one who supplemented my income by teaching music, so I was easily sold on Beato’s combination of fun music-related videos like “Top 20 Greatest Rock Guitar Sounds” and in-the-weeds educational videos on music theory. His channel is one of many on YouTube that offer music education, cultural preservation, and creative ways to bring great music to wider audiences. So, needless to say, I was less-than-thrilled to see that he had just live streamed a rant against a huge uptick of efforts to block his videos and those by other creators who also rely on using musical elements to create new content. These copyright strikes had been targeting many of these creators’ most successful videos, which often had been around for years and had attracted big audiences -- some with over a million views. One of the impacted videos was Beato’s 20-minute piece on the history of rock guitar, which was taken down for using just 10 seconds of a live, improvised guitar solo by Ozzy Osbourne’s former guitar player, Randy Rhoads. One of Paul Davids’s videos was blocked for playing one chord (Dsus2 for those music geeks following along) in a guitar lesson video. Even in the squishy world of fair use, these seem as close to slam dunk examples of fair use as you can get.
This week featured back-to-back privacy hearings on Capitol Hill to discuss principles for federal privacy legislation. With the one-year anniversary of the European Union’s General Data Protection Regulation implementation coming in May and the California Consumer Privacy Act taking effect in 2020, industry players that have fiercely lobbied against federal privacy legislation in years past are now suddenly calling on Congress to pass a comprehensive privacy bill this year. Here’s a quick look at what happened in each hearing and a few key takeaways.
More details have emerged from the Motherboard investigation into carriers selling their customers’ real-time location data, including assisted GPS (“A-GPS”) data intended only for emergency services. The reports are shocking and illustrate both a brazen disregard for consumer privacy on the part of the companies involved and the disturbing, unregulated behavior of the data brokerage industry. The Federal Communications Commission, led by Chairman Ajit Pai, needs to act immediately to enforce what appears to be a clear violation of the FCC’s rules against the selling of A-GPS data with third parties. In addition, Congress must pass comprehensive privacy legislation that forces the data broker industry out of the shadows and stops the persistent misuse of data at the expense of consumer privacy.
Back in May, the National Telecommunications & Information Administration (NTIA) issued a Notice of Inquiry (NOI) seeking public comments and recommendations from stakeholders on its international internet policy priorities. Among other issues, NTIA sought comment on: 1) challenges to the free flow of information online, 2) the multistakeholder approach to internet governance, and 3) privacy and security. Last week, Public Knowledge submitted its comments in response to NTIA’s public notice. If you’re interested in what we had to say, but not so interested in churning through 10 pages of policy analysis, then please enjoy this high-level summary of our comments submission.
As we have previously outlined in detail, sustainability management provides a useful conceptual framework for crafting forward-looking cybersecurity policy. A sustainable approach to cybersecurity involves, among other things, acknowledging that cybersecurity is a shared responsibility, framing business choices that prioritize security as investments, and engaging broadly in risk management practices. The Internet of Things (IoT) ecosystem has reached (or, arguably, passed) an inflection point in its development, and a sustainability-based security baseline for consumer-facing IoT is past due.
Back in 2011, the Federal Trade Commission alleged that Facebook deceived consumers by failing to keep its promises to protect user privacy. The two parties agreed to settle the charges through something called an “agreement containing consent order.” The Commission also signed a consent agreement with Google that same year. The FTC issued a final Decision and Consent Order regarding the Facebook allegations in 2012. (A consent order is an FTC enforcement tool that operates like a legal settlement.) Without admitting to the complaint’s counts, the parties involved signed a document that basically says, “we both agree to enter this agreement to resolve the allegations in the complaint, so now you have to do the following things, and if you fail to do any of them, the FTC is going to impose financial penalties.”
For nearly three months last summer, the sensitive personal data of more than 145 million American consumers was exposed to bad actors thanks to some “ham-fisted” behavior on the part of credit reporting giant, Equifax. Americans were outraged, and lawmakers began to scrutinize Equifax’s behavior during the breach, including three Equifax senior executives selling shares worth almost $1.8 million in the days after the company discovered the hack.